ID: 14082
Updated by: derick
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Closed
Bug Type: Variables related
Operating System: i686-pc-linux-gnu
PHP Version: 4.0CVS-2001-11-16
New Comment:
Fixed in CVS
Derick
Previous Comments:
------------------------------------------------------------------------
[2001-11-16 08:20:28] [EMAIL PROTECTED]
Hi,
i have detect two annoyingly bugs ;-) with serialize/unserialize.
The first bug indicate that unserialize can't work with negative
integer numbers.
The second problem brings php to crash! Unserialize
crash if you manipulate the count of expecting array
vars.
Bug 1:
<?php
// Results: 'Warning: unserialize() failed at offset 13 of 39 bytes'
// and an empty result string, but not false
// because $foo['a'] is -1
error_reporting(2047);
$foo['a']=(int)-1;
$foo['b']=(string)'Paris';
$bar=serialize($foo);
if ($bar!=false){
echo $bar;
$nop=unserialize($bar);
print_r($nop);
}
?>
---------------
Bug 2:
<?php
// Result: PHP crash, because the array number is smaller than serialized string
error_reporting(2047);
$ser_string='a:1:{s:1:"a";i:1000;s:1:"b";s:5:"Paris";}';
// ^- actually 2
$unser_string=unserialize($ser_string);
?>
I have tried to make a bt, but gdb notify no fault.
In debug mode some of my script warns with this:
"Warning: String is not zero-terminated (source: ./zend_execute.c:449)"
but i think that is another problem.
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=14082&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
